The 12 days of GCHQ quizmas: test your brain power with these daily puzzles

Jamming Tripoli: how insurgents fought back against Gaddafi’s spy network

This article was taken from the June 2012 issue of Wired magazine. Be the first to read Wired's articles in print before they're posted online, and get your hands on loads of additional content bysubscribing online.

He once was known as al-Jamil -- the Handsome One -- for his chiselled features and dark curls. But four decades as dictator had considerably dimmed the looks of Muammar Gaddafi. At 68, he now wore a face lined with deep folds and his lips hung slack, crested with a sparse moustache. He stepped from the shadows of his presidential palace to greet Ghaida al-Tawati, whom he had summoned that evening by sending one of his hulking female bodyguards to fetch her. It was the first time Tawati had seen him without his sunglasses.

ADVERTISEMENT

Libya was in an uproar. It was 10 February, 2011, the beginning of the Arab Spring -- a series of uprisings, revolutions and civil wars that would radically alter the politics of the Middle East. In Libya, opponents of the Gaddafi regime had called for a day of protest on 17 February, to mark the anniversary of a 2006 protest in the city of Benghazi, where security forces had killed 11 demonstrators and wounded dozens more.

Tawati was one of the most outspoken dissidents blogging openly from inside Libya. The 34-year-old had come to political consciousness during the mid-2000s. Her parents had divorced when she was young; in Libya, growing up with a single mother made her a social outcast. The injustice she experienced as a child led her to critique the injustice of the regime, particularly on women's issues, and over time she won a modest online following. As 17 February approached, she blogged that if Libyans failed to turn out for the demonstrations she would set fire to herself just as Mohammed Bouazizi had done two months earlier on the streets of Tunisia. Gaddafi himself had heard news of this threat and decided he needed to meet her.

Read more

The WIRED 100

ByWIRED

Despite the dictator's haggard appearance, his manner remained confident and effusive. Gaddafi could be a legendary charmer, a man deeply at ease with ordinary Libyans. He seemed sympathetic to Tawati's request for more openness in Libya. Finally she worked up the courage to ask him why the government had blocked YouTube several months earlier.

Gaddafi acted oblivious. "Is it switched off?" he asked.

She complained to him about the way that allies of his regime had treated her. Ever since she'd started blogging under her own name in 2007, Tawati had been harassed -- and worse. "Ghaida al-Tawati, the goat of the internet," read one Facebook page her attackers created; a string of graphic sexual comments was posted underneath her photo. More bewildering, though, was the invasion of privacy: somehow, emails of hers had been leaked on to the internet, even displayed on state television. She had been accused of working with foreign agents. Her reputation as a woman had been smeared, she told Gaddafi. "If you want to get married," the dictator interjected, "we'll get you married to the best man." "I'm not interested in getting married," she replied. "So, have you made an appointment to burn yourself, then?" Gaddafi asked, a wry smile curling his lips.

ADVERTISEMENT

Read more

Justin Lin on his high-octane, diversity-fuelled Star Trek reboot

ByLogan Hill

But like Tawati, these activists would suffer at the hands of Gaddafi's spy service, whose own capabilities had been heightened by 21st-century technology. By now, it's well known that the Arab Spring showed the promise of the internet as a crucible for democratic activism. But, in the shadows, a second narrative unfolded, one that demonstrated the internet's equal potential for government surveillance and repression on a scale unimaginable with the analogue techniques of phone taps and informants. Today, with Gaddafi dead and a provisional government of former rebels in charge, we can begin to uncover the spying machine that helped the dictator cling to power.

***

The regime had been following Tawati online for years, and the harassment was mostly orchestrated by a group that came to be called the Electronic Army. According to former members, this loose organisation was founded several years ago when Mutassim Gaddafi, one of the dictator's playboy sons, had been enraged after videos of him attending a nude beach party on New Year's Eve were posted online. Mutassim, who chaired Libya's National Security Council, created a group of internet users, some paid, some voluntary, to try to take down those videos and other anti-Gaddafi material posted online. They bombarded YouTube with flags for copyright infringement and inappropriate content and waged a constant back-and-forth battle with critics of the regime, whom they would barrage with emails and offensive comments.

After all the cruelties she had endured as a child, Tawati could deal with the insults directed at her. But it stunned her when, in August 2010, some of her private email exchanges with other dissidents got leaked to Hala Misrati, a notorious TV propagandist and one of the Electronic Army's apparent leaders. How had her accounts been compromised? The answer, although she would not know it until after the regime fell, lay in a secret deal Gaddafi had made with a company called Amesys -- a subsidiary of the French defence firm Bull SA -- for technology that would allow his spy services to access all the data flowing through Libya's internet system. In a proposal to the regime dated 11 November, 2006, Amesys (then called i2e Technologies) laid out the specifications for its comprehensive Homeland Security Program. It included encrypted communications systems, bugged mobile phones (with sample phones included), and, at the plan's heart, a proprietary system called Eagle for monitoring the country's internet traffic.

Read more

Inside Red Bull's extreme bootcamp where athletes become winners

ByJoão Medeiros

A related Amesys presentation explained the significance of Eagle to a government seeking to control activities inside its borders. Warning of an "increasing need of high-level intelligence in the constant struggle against criminals and terrorism", the document touted Eagle's ability to capture bulk internet traffic passing through conventional, satellite and mobile-phone networks, and then to store that data in a filterable and searchable database. The database, in turn, could be integrated with other sources of intelligence, such as phone recordings, allowing security personnel to pick through audio and data from a given person all at once, in real time or by historical time stamp. In other words, instead of choosing targets and monitoring them, officials could simply sweep up everything, sort it by time and target, and then browse through it later at their leisure.

In 2007, Philippe Vannier, former head of Amesys and current chief executive of Bull, reportedly met Abdullah Senussi, Libya's head of intelligence, in Tripoli. A deal was signed that year, and beginning in 2008 Amesys engineers and technicians, many of them former French military personnel, travelled to Libya to set up several data and monitoring centres for the country's Internal Security service. According to engineers at Libyan internet provider LTT, two high-bandwidth "mirrors" were installed -- one on the country's main fibre-optic trunk and one inside the DSL switchboard -- to copy all internet traffic and feed it into the Eagle system, which became operational in 2009.

One of the monitoring centres, known as HQ 2, was located on the ground floor of a six-storey Internal Security building on Sikka Street in Tripoli. Inside, a sign on an interior door bore the logos of both Amesys and the Libyan government and warned, "Help keep our classified business secret.

Don't discuss classified information out of the HQ." Behind it, analysts sat at their terminals and used a web browser to log on to the Eagle system, where they would peruse their latest intercepts or search for new targets to monitor using keywords, phone numbers or email and IP addresses. The system was capable of collecting email, chat and voice-over-IP conversations, file transfers and even browsing histories from anyone who used broadband or dialup internet in Libya. The analysts could call up social-network diagrams for the targets they were hunting, with the links between each suspect showing the frequency and type of communication.

Read more

Behind the scenes with Chris Froome and Team Sky ahead of Tour De France 2016

ByJoão Medeiros

Emails of interest were labelled "follow-up" for the security services. A filing room with shelves of folders held thousands of printed-out emails and chat logs, case files with fingerprints and photographs and transcripts of phone intercepts faxed to the centre.

Eagle was only one of the tools the regime used against its online opponents. Unaware of the system's watchful gaze, Tawati assumed that her emails had started leaking because someone had gained access to her account. So in August 2010, she began chatting with a Libyan computer expert she had heard of called Ahmed Gwaider. She asked if she could hire him to help her, and he agreed. Unfortunately for her, Gwaider was a hacker in the employ of Libya's secret police.

The attitude of most Libyan hackers toward the Gaddafi regime tended to be hostile or at best neutral, but Gwaider got lured in. Rabia Ragoubi, a rebel sympathiser who befriended Gwaider when he joined a Linux users group that Ragoubi had founded, thinks the money proved too strong a pull.

Gwaider liked to trick his victims into giving up access themselves -- a method called social engineering. He sent Tawati a Word document infected with a Trojan, which installed malware on her computer when she opened it. At that point he had access to everything, including her Facebook account and her supposedly encrypted Skype conversations, which Gwaider siphoned off with malware that recorded all the audio on her machine. All of it got posted to the internet in an effort to smear her.

Read more

Entire buildings are being deleted from China's 'Street View' and no-one knows why

ByRowland Manthorpe

Even expatriate dissidents, who lived out of reach of the Eagle system, were targets of Gaddafi's hackers. One such case concerned a Libyan who was studying at the University of Dundee in Scotland and blogging under the name Walid Sheikh. He was of particular concern to the regime because of his seemingly intimate knowledge of its inner circles. He often published details about embarrassing incidents that were not publicly known, such as the time Gaddafi's son Mutassim struck another senior official during a dispute at the National Security Council. In real life, Walid Sheikh was a 36-year-old dental student named Ali Hamouda. An unlikely dissident, Hamouda was the scion of an important family in the southwestern city of Sebha; in fact, Hamouda hailed from the same tribe as Abdullah Senussi and had even attended the wedding of the security chief's daughter. As such, Hamouda was well connected and seemingly had less to fear and more to gain from Gaddafi's regime than most Libyans. But studying overseas exposed him for the first time to the true history of the regime.

Hamouda began contributing to Libya al-Mostakbal, a website run by Hassan al-Amin, an exiled Libyan dissident living in London. He was cautious in his communications with Amin -- the two never met in person, and Hamouda corresponded with him only under the name Nabeel. One day, while in Scotland, Hamouda answered a call on the special phone number he kept solely for his political activities. "Hello, Nabeel, what's your student number?" a man asked him in Arabic. No one besides Hassan al-Amin should have known that name, let alone connected it to that phone number. He hung up and called Amin to tell him that one of their email accounts must have been hacked. "Nabeel" had been compromised, but Hamouda felt confident that his true identity remained secure. In December 2010, after he had finished his degree and returned home to Sebha, he received a call from Senussi. This wasn't suspicious in itself; the intelligence chief had got Hamouda's phone number when the two met at his daughter's wedding. "Welcome back to Libya," Senussi said, before asking him to visit when he was in Tripoli. "You're so busy -- tell me when I can have an appointment," Hamouda said. "How about tomorrow?" Senussi replied.

Arriving in the capital the following morning, Hamouda had breakfast in a café and then showed up at Central Intelligence, where he was ushered in to see Senussi.

Hamouda was wary. The intelligence chief was infamous for the way in which his bland, friendly manner concealed a propensity for terrible violence.

Read more

The robot uprising has begun and it's about to change your life

ByTom Vanderbilt

Where exactly did he study? Senussi asked. Hamouda answered truthfully. What was his phone number and email address there? An aide came in with some papers. "Do you know Hassan al-Amin, that dog?" Senussi asked, taking two files and placing them in front of him on the table. "Yes, I saw him on TV," Hamouda replied slowly. "Do you know him?" Senussi asked again, his tone sharpening. Hamouda broke eye contact and glanced down at the table. He noticed that each file had a different name. On one was his own. On the other was written "Walid Sheikh". "I contacted him..." Hamouda began, but Senussi cut him off, shouting furiously: "You are an agent of foreign enemies! You are a betrayer!" Something snapped in Hamouda. He stood up, the blood rushing to his face, and began to shout back: "I never swore an oath to Muammar!" Hearing the commotion, two guards burst into the room and grabbed Hamouda, dragging him out to the hallway. He was thrown in prison for two months, where he was interrogated repeatedly about his activities online.

His identity had been discovered from the IP address on his emails to Amin. Spies had traced him to the dental school at the University of Dundee. Only four Libyan students were on scholarships there; only Ali Hamouda fit the profile of Walid Sheikh. Because of his family connections and the relative mildness of his offence, he was released on 7 February, ten days before the revolution exploded.

***

On 17 February, 2011, demonstrators filled the streets of Benghazi, in eastern Libya. The protests quickly turned violent when the regime attacked the crowds, and within days the armed uprising began. Over the following days, hundreds were killed as the army locked down the streets of the capital. The regime declared a general amnesty for common criminals and emptied jails to make room for political prisoners. Dissidents such as Tawati were rounded up -- she was arrested and taken to Abu Salim. Rabia Ragoubi, the Linux group founder, was betrayed by a friend for his rebel sympathies; he was beaten and tortured with electric prods, then imprisoned for the remainder of the war.

Read more

Warby Parker is bringing affordable eyewear to the developing world

ByRichard Benson

By the beginning of March, the regime had shut off access to the internet, rendering the Eagle system for the most part deaf. Now, as the battle see-sawed between the regime and the rebels across Libya, the cyberwar would be directed outwards, committed to the task of distributing pro-Gaddafi propaganda to the world and shutting down any attempts by rebels to send out their own message. A senior official at the country's internet provider, Mohammed Bayt al-Mal, was put in charge of expanding the Electronic Army, which grew to about 600 members in Tripoli alone.

Nadia (not her real name) volunteered for the Electronic Army to protect herself after her uncle was arrested for helping protesters during the demonstrations. A dark-haired medical student, she submitted her ID papers and was accepted. She and other volunteers would sit at the 40 or so PCs in the office, making pro-Gaddafi images, posting propaganda videos and creating dozens of fake accounts to leave comments online.

On the second floor of the Electronic Army building, off-limits to ordinary members, there was a team of hackers, and occasionally she talked to some of them during lunch. They were getting paid to break into the email and Instant Messenger accounts of expat dissidents. Some hackers were foreigners. "Gaddafi doesn't trust you Libyans," one of them, a Palestinian, told her.

Despite the internet shutdown, it became clear that information was somehow getting out of Tripoli.

Read more

Perry Chen on how Kickstarter balances profit with purpose

ByPerry Chen

At first the Electronic Army's own members were suspected. One day, Nadia says, Asian technicians came through to install monitoring gear in the factory where they all worked. The watchers would have to be watched.

But soon it was evident that the culprits were at large in the city. A memo from External Security, one of Libya's spy services, was sent out. "This is to inform you," it began, "that there is a group of people within Tripoli who call themselves the Free Generation Movement. They commit vandalism against the police and are distributing flags from the king's era.

They have also done interviews with a number of journalists inside of Tripoli." Worse, the group had found a way to get videos of all this subversive activity online. They needed to be stopped.

Under the scorching May sun, Niz and Mokhtar Mhani wrestled a satellite dish into the back of their car. The two young men, cousins with identical close-cropped haircuts, had picked a time when no one would be at the office. They simply climbed up to the roof and unbolted the dish.

Read more

Drone racing is set to become the world's next big sport

ByOliver Franklin-Wallis

Niz and Mokhtar weren't stealing it for themselves. They were two leaders of the Free Generation Movement, an underground group of roughly a dozen young activists, founded in the wake of 17 February. They had hoped the revolution would succeed peacefully, but after witnessing the brutal crackdown in the streets, they had decided to show the world that Tripolitanians opposed the regime and supported Nato's intervention. For that, they needed internet access. In a stroke of luck, Mokhtar had been able to hack into the satellite internet connection at his office, where he worked as a network administrator; by creating a secure VPN, he even set it up so that he and Niz could connect from home. When the satellite subscription ran out, they decided to steal the dish and set that up at home too, so there would be even less risk of discovery. A contact in Egypt could get them a new subscription.

At first, they used the dish to upload videos of themselves and friends staging mini-demonstrations in recognisable areas of the capital. Their videos went viral and were played on the rebel satellite TV channel. Before long, the Free Generation Movement became central to directing international press coverage about resistance in the capital. Thanks to that stolen dish, they had one of the few internet links out of Libya.

So naturally the regime was hunting them.

One day in July, a Libyan girl named Isra Rais started chatting with Mokhtar through his Free Generation account on Facebook. He assumed that, since she had internet access and was chatting in English, she was an expatriate. Thanking him for his service to the country, she asked him for a photo.

Read more

How Change.org motivates millions to change the world

ByKathryn Nave

He demurred. Could she call him on his phone, she asked. Again, Mokhtar declined. She asked for his address. Now suspicious, he gave her a phony reply. The mask dropped, and "Isra" wrote: "You are a traitor. When we catch you we gonna kill you."

By this point, the regime's electronic warfare had become even more sophisticated. Calls had long been monitored, but now the spies turned their attention to satellite phones. To avoid Nato air strikes, one team of Ukrainian mercenaries set up shop in a children's nursery around the corner from the intelligence headquarters; from there they snooped on sat-phone traffic using frequency scanners. Gaddafi had declared that anyone caught with a satellite phone could be sentenced to death.

In the end, though, it was likely an email account that led Gaddafi's forces to the house of Mokhtar's parents. (Mokhtar believes the regime was monitoring the Free Generation Movement's private email address -- libyaresistance@gmail.com -- and that someone slipped and used Mokhtar's real name in an email.)

His father and brother were arrested, and he and Niz went into hiding. The Free Generation Movement went quiet.

It would be the final chapter in Gaddafi's cyberwar. Around the country, the battle had turned in favour of the rebels, who were closing in on the capital. The noose was tightening around Tripoli.

***

At dusk on 20 August, 2011, a cry rose up from the loudspeakers of the mosques of Tripoli: Allahu Akbar. God is great. For the past few days, a rumour had spread through the city that the signal for the final assault would come from the mosques.

Now that call had arrived. In the cells of Ain Zara prison, Rabia Ragoubi, gaunt and filthy from seven months of imprisonment and abuse, raised his head and smiled. Ghaida al-Tawati -- recently released after three months in a different prison -- watched as her brother and the men of their neighbourhood unearthed a cache of AK-47s they had hidden in the old Christian cemetery. She watched as her brother shouldered his rifle and ran off to join the battle in the presidential palace.

Over the next few days, all the important government sites fell into rebel hands. The prisons were liberated, the palace captured. Even the intelligence centres were forced to yield up their secrets. Later, researchers from Human Rights Watch and The Wall Street Journal obtained a massive cache of documents from their archives.

Wired reviewed many of these documents and conducted extensive interviews with dissidents and former regime officials to reveal the extent of Gaddafi's spying on his people. Because the colonel, in his paranoia, liked to create multiple, rival agencies with overlapping capabilities, it's extremely difficult to get a comprehensive view of just how his surveillance empire was structured. There is, however, substantial documentary and eyewitness evidence of the involvement of a number of important multinational companies.

Amesys, with its Eagle system, was just one of Libya's partners in repression. A South African firm called VASTech had set up a monitoring centre in Tripoli that snooped on all international phone calls, gathering and storing up to 40 million minutes of conversations each month. ZTE Corporation, a Chinese firm whose gear powered much of Libya's mobile phone infrastructure, is believed to have set up a parallel internet-monitoring system for External Security: photos from the basement of a makeshift surveillance site, obtained from Human Rights Watch, show components of its ZXMT system, comparable to Eagle. US firms likely bear some blame as well. On 15 February, just before the revolution, regime officials reportedly met in Barcelona with officials from Narus, a Boeing subsidiary, to discuss internet-filtering software. And the Human Rights Watch photos clearly show a manual for a satellite-phone-monitoring system sold by a subsidiary of L-3 Communications, a defence conglomerate based in New York. (Amesys, VASTech, ZTE and Narus did not respond to multiple interview requests; L-3 declined to comment.)

It's true that all these systems were sold to Gaddafi at a time when sanctions had been lifted and the regime was ostensibly collaborating with Western intelligence agencies. The export restrictions that limit the sale of arms to rogue nations do not currently cover this kind of surveillance gear, which is how some of it has turned up in countries like Syria and Myanmar, where Western weapons sales are forbidden. (A bill put before US Congress this year, the Global Online Freedom Act, could end this disparity for American companies. Also, in April, President Obama issued an executive order that authorised visa bans and financial restrictions against foreigners -- or foreign companies -- that provide surveillance technology to Iran or Syria.) "Massive intercept" technology has now become cheap and simple enough to export off the shelf, for sale to any government at a few tens of millions of pounds. You can run an approximation of 1984 from a couple of rooms filled with server racks. That's what Libya's spies did -- and what dictatorships around the world continue to do.

An uneasy peace now holds in Tripoli. Libyans are exuberant at having thrown off Gaddafi's rule, but the government is barely functional, and a patchwork of militias holds the capital. The city is full of strutting young men in mismatched uniforms, wielding weapons.

ADVERTISEMENT

Niz has returned to the UK, but Mokhtar and the Free Generation Movement are active in Libya's fledgling civil society, where they've sponsored a campaign for disarmament, among other initiatives. Ragoubi is wracked by stress from his prison spell. Tawati, meanwhile, carries on attacking the corruption of the new government.

Ahmed Gwaider has gone to ground. A number of sources say that he has been called back to work for the new government -- as an IT manager in the intelligence service.

Reached by phone last December, he admitted to being a proficient hacker and having worked for the former regime, but he declined to talk specifics. "I'm not going to implicate myself," he said. "Everything I did was for the country."<span class="s1">

Matthieu Aikins has reported on Afghanistan and the Middle East for Harper's, GQ and other publications